By: Malwarebytes Corporation
On a bright sunny day, you open your computer and insert the pen drive your friend just gave you, only to find that the PC suddenly starts acting wacky. Now the entire system has slowed down, and all .exe files have turned into shortcuts.
You might be wondering what is happening. Well, you just received an infected file into the system via that pen drive. The same can happen if you open unknown attachments from the Internet or download cracked software online.
What to do now? Is the malware very dangerous? Is it possible to remove this infection? Will my data be saved? All these questions are racing through your head at the moment.
But worry not, there are some amazing tools on the market that can remove such infections. These tools, which can clean all types of infections and malicious programs from your device, are known as anti-malware software.
Many might also know them as anti-virus tools, which are fundamentally improved versions of anti-malware tools. With the help of anti-malware tools, we can clean most infections from our systems. These infections come in different types, such as worms, viruses, spyware, ransomware, trojans, etc., and all fall under the malware category.
Out of the plethora of anti-malware applications on the market, only a few guarantee and provide comprehensive protection against these threats.
From this list of programs, we will review Malwarebytes Anti-Malware. The program comes with a 14-day free trial mode. In this version, all premium features are unlocked, so we can thoroughly test them.
The history of Malwarebytes Inc. goes back to the year 2004, when the CEO stumbled across a stubborn infection that would not go away even after he tried popular anti-virus programs. The foundation was laid when he worked on the project Rogue Remover, a small anti-malware tool.
After this initial release in 2006, the product evolved, and we finally got the unique version of the malware removal tool in 2009. As time went on, Malwarebytes significantly enhanced its ability to remove even the peskiest infections, which many great anti-virus tools failed to remove.
Now, Malwarebytes leads as a program that offers real-time protection as well as one-time scans across computer systems. After 2010, its malware detection engine gained a substantial boost.
From a single product, they have now expanded their lineup to include tools to remove malware, Endpoint Security for ransomware, and Anti-Exploit to safeguard specific applications from being modified or corrupted.
The program is available on most platforms, such as Windows OS, macOS, Android phones, and iOS, and even as a web browser extension. For now, our review and assessment are limited to Malwarebytes Anti-Malware.
Since the product has a big reputation in the market, we will try to evaluate it thoroughly. We will also give insight into some of the tests that have been conducted to evaluate its infection removal engine.
You might be excited to know more about how Malwarebytes works and to see whether it can reliably remove malicious files from a system. But before rushing into that, we need to get to know the UI first.
As with any regular setup file, we have to install Malwarebytes Anti-Malware on our system. When the installation finishes, we are prompted to enter an email ID to activate the 2-week trial.
Malwarebytes will not start the scan by itself. There is a small intro guide given on their site, which will explain how to begin the scanning process.
That’s why we won’t explain it here. All we can say is that the procedure is very beginner-friendly. The interface is designed to be plug and play. All you need to do is press the scan button, and it will start detecting the threats in your system.
The UI is split into multiple tabs. Of these, some of the important settings can be accessed from the main dashboard itself. The other tabs are to manage the scan settings, quarantine vault, and scan-reports.
The notification icon on the top right will alert you if any threats are found, either during a manual scan or via the real-time protection. You can take certain actions on the detected files directly from here.
If any files are shown as a threat during the scanning process, quarantine or remove them, depending on whether the file is indeed an infection or the software just gave a false positive.
Overall, as we can see, it is hardly complicated, unlike many such products. This ease of use is what ordinary folks, who do not possess technical knowledge about such threat removal tools, need.
Regardless, before we start the scanning process, our aim must be to configure the scan first. How will we do that? Let’s see below!
The parameters or configurations can be managed from the Settings Tab below the dashboard tab. There are several things we can customize in it. This customization will help us in the scan procedure one way or another.
We must try to understand these settings and how they impact the scanning process and the final reports. For a newbie, it is advised to stay with the default settings. In case you mess something up, you can always use the restore button to revert the configuration changes.
Sadly, there is no save feature here to have different configurations for different situations. Let us see what we can alter in this section.
As usual, these are some of the basic settings to manage the application system. It has some elements for the scanning process while some for maintaining the app, quarantine vault, real-time monitoring, etc.
The app settings include installing updates, showing notifications, changing the surveillance mode, the impact of scans, the context menu, language, proxy settings, user access, and sending usage & threat statistics.
All of these are quite common in most of the Anti-Malware apps. There is nothing extraordinary in it except the Play Mode in the System.
Play Mode is similar to the stealth mode we see in many applications. A stealth mode is used to hide the majority of notifications, pop-ups, and other warnings we see in a real-time scan, especially while we are doing some other activity.
Rather than having to close every notification we receive, we are offered a choice of apps to put in DND mode. The Manage Applications button lets us pick an app that we do not want interrupted.
This can range from video games to CAD software, important business presentations or meetings, and so on. We wouldn’t want such pop-ups to block our ongoing important work.
Now, rather than blocking all types of notifications, we have to pick an app for which all the alerts will be turned OFF. And so, we can pick applications like MS PowerPoint, video games, movies, etc., and enjoy them peacefully.
After that, we can select the priority level of a scanning process. Most of the time, as you might’ve noticed, such anti-malware tools take a huge chunk of resources while scanning the system.
This can hang other applications and even affect essential system processes. To manage that, we can set the priority to high or low depending on our goal. For multitasking, we should pick a lower process priority, whereas for a quick scan, giving top priority to the scan is recommended.
Along with this, the user can also modify the accessibility of Malwarebytes, which can ensure that the Anti-malware’s files are not altered or corrupted by third-party programs or infections.
Now, when it comes to checking the depth of an anti-malware tool, customization features for the system protection are very much needed.
This is to give better control to the users in choosing what sections must be scanned, protected, and which files must be spared. Many times programmers test different exe files, many of which can be blocked by these tools.
In the protection settings, we are given the option to pick the Real-Time protection status. Real-Time protection is meant for constant system monitoring.
The main types of real-time protection given by Malwarebytes are Web Protection, Exploit Protection, Malware Protection, and Ransomware Protection.
We need not explain each of these, since most of them are quite self-explanatory. The only out-of-the-box feature is the exploit protection, which has only recently started to be included in anti-virus programs.
Exploits are pieces of data or commands that take advantage of vulnerabilities in a system and use them to damage the target system. Depending on the attack type, an exploit can use vulnerabilities in the OS or in any linked programs to carry out its attack.
These attacks are not usually executed by .exe files, so most protection software, as well as Windows DEP, can’t detect them. They mostly operate via shell programs, root .dll files, etc. For that reason, Malwarebytes provides this feature specifically to safeguard our system.
After this, the scan options can be set to scan for rootkits, PUPs, PUMs, scanning archives, and also enable self-protection. Self-Protection safeguards the files of Malwarebytes from being corrupted by malicious programs.
Wouldn’t it be restrictive if we had to sit in front of our system every time we wanted to scan it for infections? Many times, the scan takes hours, and in case of an anomaly, we need to start it all over.
During work shifts, running a scan on the system can affect the work schedule and effectiveness. Because of that, we are advised to scan the system only after we have finished work or in free time such as lunch breaks.
To do that, we need some kind of scheduling tool. An anti-malware program should have a built-in mechanism to manage the scan schedule and its consistency.
In Malwarebytes, we are given the schedule tab in the settings menu. The scan schedule interface lists the schedules set up by users. Let us check how to add a scan schedule.
Pick the Add New button at the bottom of this panel. From there, a pop-up to manage the time settings is shown.
This pop-up has options to choose the scan type, date/time, frequency, scan options, and recovery task. The scan type refers to the depth of the scan, such as Quick Scan, Custom Scan, Hyper Scan, etc.
The date/time and frequency settings manage the timing as well as how often the scan will be conducted. The recovery task is used to assign a re-scan attempt within 24 hours in case the scheduled scan is missed. If the system is functional within 24 hours of a missed scan, the recovery task will resume it.
The scan options include general settings like quarantine all detected threats, restart for threat removal, scan for rootkits, and archives.
The last section before the scanning process is the scan exclusion list. The panel allows users to add files and processes that will be skipped when the inspection process runs.
There are several types of things we can add to the exclusion list. It can be a file/folder, website, application that connects to the Internet, and even a detected exploit.
Pick any one of the above, and proceed to specify the location of that file or process. Once done, Malwarebytes will skip that file while scanning and keep it from being quarantined.
In the file/folder selection box, we can customize the exclusion only for malware, PUPs, or PUMs. For website exclusion, we can add both domains/URLs, and IP addresses.
Overall, this is a necessary setup in Malwarebytes. Most products on the market come with an exclusion feature. The only risk of exclusion lists is that a few infections can detect these excluded locations and place themselves there.
With this, our settings for the pre-scan and post-scan sessions are complete. As we have seen, Malwarebytes offers a highly inclusive menu to configure a scan. These settings are more than enough for novice as well as advanced users.
Now, we finally need to see how efficient Malwarebytes is in the detection and removal of malware and other infectious files.
For any anti-malware tool, it is quite important to divide the scanning procedure into separate parts. Why does it have to be so?
Well, the infections in your system can be of different types. It may be only a low-threat virus running around, or it can be complete hell, with hundreds of infections residing in your computer.
In both cases, the scan procedure differs. The more threats we have in our system, the more time it is going to take to clean them all. Not all of them are easily removable. Some might even require multiple restarts.
Imagine going through such trouble while your important project is going on. You wouldn’t want to start a full system scan during that time, would you?
But if our system is quite healthy and free of infections, we can try to check it at specified intervals for infectious programs. For that, a routine quick-scan of the system drive is enough.
As we said, some malicious programs need system restart to be removed successfully, while some are easily removable. Also, the size of the system determines how long the scan is going to take.
Therefore, Malwarebytes has divided the scan types into three main sections, viz. Threat Scan, Custom Scan, and Hyper Scan. These three scan methods have different levels of customization, and also have their own conditions to clean the system. Let us see how these scan procedures differ.
Of the three scan types, the Threat Scan is the most detailed one. It is used to scan an entire system for different kinds of threats. This scan will also likely take longer than the other two.
Certain areas are covered by this type of scan. These areas are System Processes, Memory Objects, Registry Files, Startup Processes, Local Files, and Heuristic Analysis.
Most of these are easy to grasp. As we know, system processes, local files, processes running in current memory, and registry files are the foremost targets of most malware.
Scanning them first makes it easy to flush out these infections. However, many anti-malware programs are now employing Heuristic Analysis for a much better scan approach.
Sometimes, malicious files are way too smart to be detected easily. They are capable of learning the anti-malware detection process and then adapt accordingly.
For that, the heuristic analysis uses a large number of signatures from the virus database and compares them with the code of suspicious programs. If any sections of the code match, the file is put on red alert and quarantined.
However, the disadvantage of this method is that it has a higher chance of returning false positives. Since program code can often be similar, it locks even some legitimate programs because of matching code.
That is why heuristic analysis is most commonly used to counter the smart infections that try to evolve with every attack. Researchers constantly add more code samples and infection lists to improve the heuristic analysis.
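The section matching and its false-positive trade-off described above, as an added example (not Malwarebytes' engine and not code from this review): a toy scanner compares 8-byte sections of each file against the sections of one known sample. The placeholder byte strings, all names, the window size and the thresholds are constructed assumptions.

```python
"""Toy section-matching scanner (constructed illustration, not a real engine)."""
import hashlib

WINDOW = 8  # size in bytes of each compared code section (assumed value)

# Constructed placeholder "programs": readable text stands in for machine code.
SHARED_LIB = b"copy_buffer(src,dst,len);"   # routine found in many programs
BAD_CORE = b"encrypt_all_user_files();"     # stands in for the malicious part
KNOWN_BAD = [SHARED_LIB + BAD_CORE]         # the sample in the "virus database"

FILES = {
    # Same malicious code, reordered and padded so its file hash changes.
    "variant": b"pad;" + BAD_CORE + b"x=1;" + SHARED_LIB,
    # Legitimate program that merely uses the same common routine.
    "benign_editor": SHARED_LIB + b"draw_window();render_text();save_document();",
    "unrelated": b"print_report();open_calendar();",
}


def sections(code: bytes, window: int = WINDOW) -> set:
    """Every overlapping window-byte slice of the code."""
    return {code[i:i + window] for i in range(len(code) - window + 1)}


def build_database(samples: list) -> set:
    """Collect the sections of all known-bad samples."""
    db = set()
    for sample in samples:
        db |= sections(sample)
    return db


def exact_hash_hit(code: bytes, samples: list) -> bool:
    """Whole-file hash comparison, shown for contrast with section matching."""
    known = {hashlib.sha256(s).hexdigest() for s in samples}
    return hashlib.sha256(code).hexdigest() in known


def match_ratio(code: bytes, db: set) -> float:
    """Fraction of the file's sections that also occur in a known-bad sample."""
    secs = sections(code)
    return len(secs & db) / len(secs) if secs else 0.0


def scan(files: dict, db: set, threshold: float) -> dict:
    """Quarantine every file whose match ratio reaches the threshold."""
    return {
        name: "quarantine" if match_ratio(code, db) >= threshold else "clean"
        for name, code in files.items()
    }


if __name__ == "__main__":
    db = build_database(KNOWN_BAD)
    for name, code in FILES.items():
        print(f"{name:14} hash hit={exact_hash_hit(code, KNOWN_BAD)!s:5} "
              f"ratio={match_ratio(code, db):.2f}")
    # A permissive threshold catches the variant but also locks the editor.
    print("threshold 0.25:", scan(FILES, db, 0.25))
    # A stricter threshold still catches the variant and spares the editor.
    print("threshold 0.60:", scan(FILES, db, 0.60))
```

The variant misses the whole-file hash check yet matches roughly 71% of its sections, while the editor matches roughly 29% through the shared routine alone, which is the false positive the permissive threshold produces.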
This scan has a click-based interface, and so, you just select Threat Scan and begin the scan process. Sit back and let Malwarebytes do its work. The process is automated, and so there isn’t any operational complexity here.
The Custom Scan is like choosing your own dish at a restaurant. You can pick a desired drive, file, or folder to be scanned via custom scans.
The details provided by Malwarebytes here are sufficient for a custom scan. Combined with the scheduling process, we can highly customize the scan timings as per convenience.
So the question is, how to use a custom scan feature? Is it too complicated for beginners like me? All such questions are legit in the minds of our readers. But worry not, we are here to clarify that too.
Basically, think of it as a police raid. To keep the city free of criminals, the police have the power to prioritize them. The first step is to get a hunch. Then they can start from various known locations.
Similarly, in the custom scan, we can prioritize the drives we want to scan. And just like the criminal priority levels, we can also select what type of infections we are looking for. It may be malware, a rootkit, an archived virus, or any infection troubling the system startup.
All of these scans are selectable in the custom scan menu. There are also options to scan for PUPs and PUMs. After that, select the file, folder, or drive that you want to check for infections.
Once done, press the scan button and begin the process. The process from here on is pretty self-evident. In this way, we can make use of a custom scan. We can even scan external drives like USB drives, hard drives, DVDs, etc. with it.
This is quite handy in a situation where we have brought files from other infected systems, like in a USB drive.
The Hyper Scan is the last type of scan offered by Malwarebytes. It takes less time than the Threat Scan. In a few situations, it may take even less time than a custom scan.
This is because the hyper scan is designed to inspect only startup and memory locations, i.e., processes that begin after the OS boots or processes currently occupying system memory.
This is a very simple scan, and in case you stumble across any infection, all you need to do is clean it. After this, you can conduct a system-wide scan with the Threat Scan.
With this, we have covered all the scan procedures that can be performed in the Malwarebytes setup. As we can deduce from the above, Malwarebytes offers very exhaustive scan customization.
On top of that, it is usable by most users, regardless of their experience level. Only a few tools offer such detailed choices in the custom scan.
Going through the above sections, most of us might wonder what to do after the scan. How to manage these threats? Should we keep them in the vault? Is it ok if I allow this low-threat program?
All these queries trouble novice minds. To answer them, we will review the post-scan procedure here. The post-scan process is essential since it determines the final fate of the infections.
Unlike conscious beings, malicious programs won’t have a change of heart. We have to remove the ones that are a real threat to the system, and also allow false positives, especially if they are important processes.
In Malwarebytes, the central panel consists of an option called Detection History. As the name suggests, this section is used to store the list of threats that were detected in past scans.
This section is split into Quarantine Vault, Allowed programs, and History. We can make use of all three to keep records for other applications.
The first tab lists all the quarantined files detected, either via real-time protection or via the regular scanning process. The quarantine vault may show precise details about the detained infections.
The main details include the name of the infection, origin date, type, and location. There are not many more details than these, but whatever info is there is still enough to work with.
They could add an option to get more detailed info on the selected virus, especially for advanced users. There are checkboxes in front of each blocked file. We can select multiple files from here, and then either release them or delete them permanently.
It lacks a file filter, though. Adding a filter to separate the files based on threat level, size, or scan type would make it easier to decide which files to keep and which to remove.
The next part of the detection history is the Exclusion List. This has been already explained earlier. The last part is Scan History. In this section, all the infections detected so far are shown.
Unlike the quarantine vault, it does not store the infected files. It is just a record for all the threats detected so far.
Overall, this section is mainly for the post-scan processes. We can delete malware from here or restore false positives. Beyond this, there’s one last section to be reviewed.
The scan reports contain reports of all types of scan processes conducted in the last 30 days. For now, it has only two tabs, viz. scan type and date of scan.
To see more details of any report, just hit the eye icon at the end of it. The scan report is detailed enough to give you a complete idea of the scan procedure, the total threats found, the types of threats detected, the actions completed, and so on.
With the export button, we can either copy the report to the clipboard or save it as a text file. In the reports menu, you can also see the delete button beside the eye icon. You can use it to delete an individual report, or use the delete all button at the top of this menu.
The report for the scan schedule can also be viewed in this part. The schedule report lists the timings of the scan process set by us.
We saw one difference in the reports section between Malwarebytes and another of the top tools, HitmanPro. The difference is in the report logs. The details in HitmanPro are way better than here.
HitmanPro even gives intricate info about every suspected file. Compared to that, Malwarebytes’ details are quite limited. No explanations are given for the suspected files and their behavior.
Nevertheless, we believe over time, Malwarebytes will eventually increase the data in these reports. With this, we are now left with exploring the final frontier of our product review, i.e., test certifications.
One of the things we often miss while purchasing anti-virus or anti-malware software is its net performance compared to other products. We can review a fancy UI all day long, but what is the use if the program isn’t able to detect the infections and clean them?
Sometimes, a small basic tool is more capable of cleaning a system of infections than software with a fancy UI. Boot ISOs are readily available for free from many security organizations, and they are capable of removing an infection much better than a dedicated tool.
So, what to do? How to check if my anti-malware program has a good engine and database to detect most infections and remove them?
We are ordinary folks and don’t have time to test every other tool. For that, we can look for some independent labs and organizations that routinely test anti-malware programs.
With these tests, we determine the comparative performance of an anti-malware program. Such experiments have scores/ratings that are used to judge how capable these tools are.
The tests are pretty elementary. All they do is put tons of infections on a machine, install the anti-malware on it, and then see if it can detect and remove those infections.
These malicious files are of all types, from simple .exe files to complex exploits, spyware, ransomware, worms, etc. The more infections a tool removes, the better its ratings are. Similarly, the more reports there are from such independent labs and organizations, the more trustworthy a program becomes.
Here, we have a report from Info-Tech Research Group. They run annual reports on various types of security tools and check if these products are viable or not. For that, multiple factors are considered.
Apart from technical details like testing the detection engine, real-time capabilities, forensics, kernel monitoring, infection database, etc., they include passive factors like UI of the software, customer satisfaction, value for money, and usage difficulty too.
The summary of all these decides how such anti-malware software performs on all fronts. Developers get insight from the reports and improve their features in later updates.
In this report, Malwarebytes scored ratings of around 80% in customer satisfaction, product features, recommendation likeliness, business value, etc.
This undoubtedly proves that Malwarebytes has indeed incorporated very sophisticated features in its package. The higher ratings in customer satisfaction and recommendations demonstrate that it is the first choice for many people looking to secure their systems from malware.
As seen here, Malwarebytes has now backed up its claim to be a top anti-malware program, using the test reports of many reputed organizations. Therefore, under normal circumstances, Malwarebytes will clean most of the infections from your system without flinching.
We have quite thoroughly investigated the working of Malwarebytes’s Anti-Malware tool. Coupled with the experience of many people across the globe including computer security organizations, Malwarebytes has reinforced its place as the top Anti-Malware.
With so many in-depth features, they deliver the full value of their subscription package. The subscription package currently costs around $44, which is close to the prices of many other similar products.
It is definitely somewhat costlier than other tools, but it is worth every penny. The advanced features, high-tech real-time protection, exhaustive and ever-updating malware database, etc. entirely justify the pricing.
The only thing we found that could be restructured is the logs section. The records can be made more detailed. Also, adding parental controls would make it a complete suite.
All in all, Malwarebytes is indeed your security product for dealing with those frustrating infections in your computer system. The free version is usable forever, which is a big plus point. If you still doubt it, feel free to try it and let us know about it in the comments below.